use*_*615 5 oauth python-2.7 google-api-python-client google-admin-sdk
我一直试图让服务帐户身份验证为Google Admin SDK工作几天,但无济于事.我正在使用谷歌新安装的google-api-python-client-1.2库.
我一直在关注该主题的Google文档.链接在这里:
HTPS://developers.google.com/accounts/docs/OAuth2ServiceAccount
HTPS://developers.google.com/api-client-library/python/guide/aaa_oauth
HTP://google-api-python-client.googlecode.com/hg/docs/epy/oauth2client.client.SignedJwtAssertionCredentials-class.html
并让tasks.py服务帐户示例正常工作,您可以在此处找到:
HTP://code.google.com/p/google-api-python-client/source/browse/samples/service_account/tasks.py R = c21573904a2df1334d13b4380f63463c94c8d0e8
并且一直在密切研究这两个相关主题的Stack Overflow线程:
google admin sdk目录api 403 python
使用Oauth2作为服务帐户(教育版)的Google管理员API - 403错误
并研究了gam.py(Dito GAM)中的相关代码.
然而,我仍然遗漏了一些东西,因为我在几乎每个编写的测试用例中都收到了'oauth2client.client.AccessTokenRefreshError:access_denied'异常.
以下是测试身份验证的简明示例:
import httplib2
from apiclient.discovery import build
from oauth2client.client import SignedJwtAssertionCredentials
f = file('myKey.p12', 'rb')
key = f.read()
f.close()
credentials = SignedJwtAssertionCredentials(
'myServiceAdmin@developer.gserviceaccount.com',
key,
sub='myAdminUser@my.googleDomain.edu',
scope = ['https://www.googleapis.com/auth/admin.directory.user',])
http = httplib2.Http()
http = credentials.authorize(http)
service = build('admin', 'directory_v1', http=http)
当我运行上面的代码时,我得到了这个堆栈转储和异常:
Traceback (most recent call last):
File "./test.py", line 17, in <module>
service = build('admin', 'directory_v1', http=http)
File "/usr/lib/python2.7/dist-packages/oauth2client/util.py", line 132, in positional_wrapper
return wrapped(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/apiclient/discovery.py", line 192, in build resp, content = http.request(requested_url)
File "/usr/lib/python2.7/dist-packages/oauth2client/util.py", line 132, in positional_wrapper
return wrapped(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/oauth2client/client.py", line 475, in new_request
self._refresh(request_orig)
File "/usr/lib/python2.7/dist-packages/oauth2client/client.py", line 653, in _refresh
self._do_refresh_request(http_request)
File "/usr/lib/python2.7/dist-packages/oauth2client/client.py", line 710, in _do_refresh_request
raise AccessTokenRefreshError(error_msg)
oauth2client.client.AccessTokenRefreshError: access_denied
我已经尝试了多个超级用户帐户,服务帐户和密钥,并且最终会遇到相同的异常.如果我在tasks.py示例中添加sub,我最终会遇到相同的错误.用prn替换sub也会生成此异常,并且添加private_key_password ='notasecret'不会执行任何操作(这是默认设置).Admin SDK在Google Developers Console中激活,目标帐户具有超级用户权限.这让我觉得Google域名方面缺少某些内容,但我想不出其他任何问题需要检查.
任何人都知道我做错了什么?
小智 1
您是否已在管理控制台中为您的服务帐户授予第三方客户端访问权限?
当涉及到设置服务帐户时,我要执行的指令是 Google 为 Drive Api 提供的指令。
https://developers.google.com/drive/web/delegation
查看“将域范围内的权限委派给您的服务帐户”部分,看看您是否已完成这些步骤。
| 归档时间: |
|
| 查看次数: |
1937 次 |
| 最近记录: |